31490187239d8e2613de5ed56e33836c

General

Target

31490187239d8e2613de5ed56e33836c
Size

368KB
MD5

31490187239d8e2613de5ed56e33836c
SHA1

4f2f103c0e45af5e91d8e8381a508b459fb4fd23
SHA256

eb0ecc2ac489f915f7d20af3b645cfaa0f76148b67ed283b8adf55201aa107a3
SHA512

fb8c4bdcfc909a304dd390c183608833dd3bc2e9262b3698ca97a07569a92431e06e2d43f5b015355110a15802e93302175c3e11f0d6929853855d898c891f07
SSDEEP

1536:8LotLAh4fa72V+Yk7yYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYf:aotLAqfaqV+5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31490187239d8e2613de5ed56e33836c

Files

31490187239d8e2613de5ed56e33836c
.dll regsvr32 windows:4 windows x86 arch:x86

e18096ae0529698c86df9a0d6c0018ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrCmpW
StrStrW
StrCatW
StrCmpIW

kernel32

ExitThread
LoadLibraryExA
CreateThread
CreateMutexA
ResetEvent
CreateFileMappingW
GetProcessHeap
lstrcatA
lstrcpyA
InitializeCriticalSection
GetBinaryTypeW
CloseHandle
GetLastError
lstrcpynA
GetProcAddress
FreeLibrary
LoadLibraryA
WideCharToMultiByte
GetModuleFileNameA
MultiByteToWideChar
GetTimeFormatA
GetDateFormatA
lstrcmpA
lstrcmpiA
GetModuleHandleW
PulseEvent
CreateEventA
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameW
WaitForSingleObject
Sleep
GetTickCount

user32

SetTimer
GetWindowRect
MoveWindow
CreateWindowExW
RegisterClassExW
DispatchMessageW
GetClassNameA
GetMessageW
SetWindowsHookExW
DefWindowProcW
DestroyWindow
GetSystemMetrics
wsprintfA
GetWindow
SendMessageW
CallNextHookEx
GetClientRect
TranslateMessage
ShowWindow

oleaut32

SafeArrayLock
SysAllocStringByteLen
VariantClear
VariantCopy
SafeArrayUnlock
SysAllocString
VariantInit
SysAllocStringLen
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e18096ae0529698c86df9a0d6c0018ad

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

oleaut32

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 29KB

.data Size: 2KB - Virtual size: 50KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 29KB - Virtual size: 29KB

.data
Size: 2KB - Virtual size: 50KB

.reloc
Size: 2KB - Virtual size: 2KB